From 0983d0a55701c490f21fc741068c7a09c99a4aa9 Mon Sep 17 00:00:00 2001 From: Michal Domonkos Date: Thu, 16 May 2024 12:37:57 +0200 Subject: [PATCH] Fix potential double-free in test3.c The pointer to newargv passed to poptParseArgvString() may not be assigned to in case of an error, and it still may contain an address to already freed memory from the previous for loop iteration. To fix, add a return value check, similar to the one above it for the out pointer. Found by a static analyzer. --- tests/test3.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/test3.c b/tests/test3.c index aa91167a..f1ee7774 100644 --- a/tests/test3.c +++ b/tests/test3.c @@ -30,7 +30,11 @@ int main (int argc, char **argv) { printf ("single string: '%s'\n", out); - poptParseArgvString (out, &newargc, &newargv); + ret = poptParseArgvString (out, &newargc, &newargv); + if (ret != 0) { + printf ("cannot parse %s. ret=%d\n", out, ret); + continue; + } printf ("popt array: size=%d\n", newargc); for (j = 0; j < newargc; j++)